Forum gets Hacked

[WD8BIL]

Say, You haven't seen a Ted Nugent thread around here, have you? 

Huntin' season has started so Ted is a bit busy killin' n grillin'.
I have a feeling he'll be back. He'll need some veges to round out his plate.

[Tom WA3KLR]

John,

I've worked in companies that create electronics products my whole career.  Since 1977 the products include software.  In that situation you see the "computer programmers" that are "professionals" and the ones that are "idiots".  There is a big difference.   Both groups give the hardware engineers some grief, but the idiots give us much more grief.

[Steve - WB3HUZ]

They're called Computer Scientists and theoretically, they apply scientific principles to software programming and the like. Lots of people program and about 99.9% do it poorly (no structure, commenting, etc.) Thus, we end up with buggy programs, piss poor user interfaces, diffucult to edit or update software, and continual reinvention of the wheel.

Yep, there pretty much all hackers - don't know what they're doing (just like a crappy golf player/hacker).

[W1QWT]

Food for thought

How does  "computer programmer" become a ultimate carreer or professional goal ? It's a joke

In my opinion there are two issues here and two different titles. There is 'computer programmer' and 'software engineer'. I suppose that if you can make a program print, "Hello world" then you are a computer programmer? Or not? Young kids who do this have been called computer experts or geniuses. I cringe when I hear this!
I call the IS people in our company 'computer programmers' cause they write business type software to run on a computer, based on known designs.
Software engineers, however, have to first design the system, then the algorithms to implement the system in real time, and finally the easy part is to write the code and debug the syntax. Seems like 80% of the project is spent on the design and documentation phase.

The first two parts are the most difficult and require an engineering degree. I just finished designing an algorithm to implement a FIR filter for an embedded system.

Lots of math!

 Also when I do digital communications design I am required to do lots of advanced math.
Over the years I have done hardware design including VHF receivers but now I am
doing embedded software and find it challenging which I like. The challenge for me comes from figuring out a design, dealing with real time issues, and the peculiarities  and often vagueness’ of the hardware.
When I was in undergraduate school the hardest course I took was 'Numerical Algorithms'.
My boss is a PHD EE from MIT and he can write programs but can't make a FIR filter fit in a certain number of bytes and execute fast enough in real time so that nothing crashes, literally! When he finishes a new hardware design, which includes one or more microprocessors, he brings it to me and usually says, "Here Bob, make this do something usefull".

I don't think either computer programmer or software engineer is a joke as a profession. Besides they pay well!
Also my final point is that I don't consider the 'modern language' C or C++ to be easy.
In fact these languages don't have as strict a sytax as earlier languages and allow a 'programmer' to easily makes mistakes and get undesired results. Especially if your doing an object oriented design. Actually I find assembly language to be easier.
Just my thoughts on the subject.

Regards
Q, W1QWT

[Steve - WB3HUZ]

Seems like 80% of the project is spent on the design and documentation phase.

This is what separate the men from the boys. Too many so called programmers these days just start out coding without doing any design or planning. It's all about showing off your coding chops instead of thinking. Another trait amongst such so called programmers is that usually they can only do it in one language or one script. That's why you get the goofiness of the C/C++ versus Objective C versus Visual Basic or Perl versus PHP wars. No matter what the application or requirement, they try to jam it into their little code box, usually with terrible results.

[John Holotko]

Food for thought

How does  "computer programmer" become a ultimate carreer or professional goal ? It's a joke

I don't think either computer programmer or software engineer is a joke as a profession. Besides they pay well!
Also my final point is that I don't consider the 'modern language' C or C++ to be easy.
In fact these languages don't have as strict a sytax as earlier languages and allow a 'programmer' to easily makes mistakes and get undesired results. Especially if your doing an object oriented design. Actually I find assembly language to be easier.
Just my thoughts on the subject.Regards
Q, W1QWT

C is not easy. In that I mean it's easy to write C code but it's not easy to use C correctly. C  sort of straddle the line between being a high level and a low level programming langauge. C does allow low level access to systems resources. It also allows one to access and allocate areas of memory via pointers, and thats where a  lot of people get into trouble and wind up writing buggy code thats chock full of memory leaks and other assorted problems. I've  noticed that some people writing C code use pointers but don't  have a grasp on what  they are doing. The very concept of pointers, indirect pointers confuses many early on in their study of C and unfortunately many still don;t have a grasp when they start programming. Some of these people need to  either re-learn how to use C correctly or else program in some "safer" langauge,like Java which has no pointers. . Then there are those who tend to overuse pointers in C. That can be as bad or worst than not knowing how to use them.  No need to give examples here as anyone who's following me thus far has probably seen plenty of sloppy use of pointers.  And understanding how Assembly and how C function calls translate to assembly as well as a working knowledge of how the stack can be helpful.

Assembly langauge is not as hard as some make it out to be. And while I probably wouldn't use it to code  many projects these days it still comes in quite handy and, if nothing else, a working knowledge of assembly can give programmers a more thorough understanding of how things are structured on the  machine level.
 
Just my 2 cents.

[KB2WIG]

software/hardware interface design makes me want to wrap my head in duct tape and place my hand drill on my forehead and drill away..    klc

[John Holotko]

They're called Computer Scientists and theoretically, they apply scientific principles to software programming and the like. Lots of people program and about 99.9% do it poorly (no structure, commenting, etc.) Thus, we end up with buggy programs, piss poor user interfaces, diffucult to edit or update software, and continual reinvention of the wheel.

Yep, there pretty much all hackers - don't know what they're doing (just like a crappy golf player/hacker).

The problem I have with hackers is that whikle some of them are bright, capable of solving problem and wring code they may produce code that works very well  but is difficult to maintain. many of them have bad attitudes,lack communications skills,  and their code is not easilly adaptable. I have noticed this problem in a lot of open source code that I have examined and used but it is also true in the closed  source world.

Few  people have the skill to write quality code that  does not contain the problems you are describing. The few that can are probably right here on this board. After all, we  AM'ers do everything perfect. 

[wa2zdy]

CRACKERS !!! not hackers

Crackers? What are you talking about. Crackers are certain white people from the South.

I was called "cracker" lots in 24 years working in the state prison. 

Either I had visions of watching the lion tamer at the circus, or I got hungry thinking about Saltines and peanut butter.

[wa1knx]

ha, Q and steve HUZ.  as a engineer supporting existing code, you all have that
right about design and documentation! (let alone meaningful symbols instead
of I , J , K , we had those to ). . We had 60+ engineers over many years working on our
products.

   Finally left to 4 of us, sigh.  Some pieces, written sweet, easy to walk their
thinking paths.   Others, I could shoot!  one jerk snuck in a one line 4000hex add to
a image header pointer offset. kept me guessing until I did a code diff, since before
he was hired. no comments, just tucked that lil' mo-fo in my code. checking the
library insertion dates from bad coders proved valuable!

[John Holotko]

Often projects have deadlines and the rush to get the project completed and the product to market precludes the idea of good design and documentation from beginning to end. Many projects seem to start out with good design in mind but rapidly deteriorate as deadlines draw nearer, deadline extensions run out,  and pressure from managers starts  to get  heavier  and heavier. Suddenly codse turns from we'll designed andf organized to sloppier and slopper coding with more and more bugs, quick fixes, patchworkand less and less documentation.  Then when it comes time for someone to maintain/ upgrade/ modify  the code they wind up spending more  time trying to decipher whatit all means and what it does than fixing it.  The overall result ? more time wasted for the time saved earlier.
Fixing someone else's sloppy code can bemore difficult than writing it yourself  from scratch.

[W3SLK]

John said:

Suddenly codse turns from we'll designed andf organized to sloppier and slopper coding with more and more bugs, quick fixes, patchworkand less and less documentation.

They're not bugs, they are features!

[W1QWT]

as a engineer supporting existing code

Yes, I have found that supporting existing code is one of the most difficult aspects of the job. I have also seen code written cryptically, to showoff I suspect. I have also seen lots of code written without proper documentation. I remember one of my professors telling us that we should strive to "write well documented code and to always use standard syntax contructions to avoid confusing those that follow us".
I have tried to follow that advice during my career and I think I have done well.
Sometimes I have to put my foot down to management and take the time to do it right. Also with each project I provided a "software design document" which has everything you need to know in order to maintain it including how to regenerate it, algorithm design theory, flow charts and or state diagrams, function timing information, and even test suites and  software test results. I force every line of code to be executed to find surprises.
When all that is done then I will release it to Beta.
In my opinion someone who inserts obscurity into code or who finds a new way to accomplish the same thing as the textbook method  is doing an injustice to those down the road and to thier company. After all if someone comes along two years later with the charge to make a change and sees some bizzare, non textbook code, they have to then take the time to understand what is going on before they can start the task at hand. In effect making the job longer than it should be and somethimes going down into the dissasembled code to see what is going on. Oh yeh one other problem with using non standard constructions I have run into is that when the code is recompiled with a newer version of compiler the results may change.

And another Oh yeh while I am at it. "Robust code" if you will. I have run into lightning stikes changing Special function registers in microprocessors. Having been bit by this many years ago I now keep checking the SFR's for change and if detected I reset them. I could tell you of problems I have had with watchdog timers but that is for another time.

Regards and Happy Labor Day
I am painting the house! Oh Boy!

Q, W1QWT

[wa1knx]

Q, I maintained the libraries and that can be a job will sloppy checkins. one
thing we had, I would impliment at another job. we called it source code
text. a dated kept in what we call notes, really much like this forum. it
was a paper trail. type of fix, why, what modules touched, who reviewed
it etc. - yes everyones work was looked over by others. finally i looked over
all of them!  It was the vms operating system itself, so a mistake could
screw up thousands of customers. sounds like we've all been there with
lousy code!

[John Holotko]

Q, I maintained the libraries and that can be a job will sloppy checkins. one
thing we had, I would impliment at another job. we called it source code
text. a dated kept in what we call notes, really much like this forum. it
was a paper trail. type of fix, why, what modules touched, who reviewed
it etc. - yes everyones work was looked over by others. finally i looked over
all of them!  It was the vms operating system itself, so a mistake could
screw up thousands of customers. sounds like we've all been there with
lousy code!

Kind of like a revision chekins system like CVS or RCS of the Unix world. You have a central repository, developers/maintainers check out code, make the changes, check it back in, but it can be reviewed before being committed to another/latest revision. You can also do branches, etc. Most important, if a bad  bug gets committed you can roll things back. Good way to  get out of trouble when people start runnin the code and  saying OUCH !!  vms was  cool. I learned on it for years. Ran it on the VAX. Sure miss those days. I do mostly Unix now. Haven't played vms in years.
 

[k4kyv]

The AWA Message Board got hacked the same day.  It is an open board with free access like the old AM Window BB, so all they had to do was enter the site and post bogus messages. One of the bogus posts contained a link named cirky, which was really a link to www.yourfreevids.com.  That URL is blocked by my custom HOSTS file.  Another bogus message linked to meta.7search.com which also shows up in the HOSTS file.

I did a Google search for the yourfreevids site, and here is the result:

Don't pay for porn when you can get it for free.Click on this link to download free sex movies.IntCodec-v6.689 is required to play YourFreeVids's movie files(you can download this codec from our site).

This site is known to contain spyware, trojans or other malware or it wouldn't be listed on the custom HOSTS file.

[Bacon, WA3WDR]

Nowadays if a discussion board is not secure, spammers flood it using a number of tricks, so that they can leave their stupid advertisements.  Google picks up the ads, customers find them using Google, and that's how spammers make money off the bogus member entries.  You see all kinds of commercial website links in "comments" and "referers" on blog boards, and likewise on discussion boards you see bogus robot "users" leaving ads in posts and signature files, and the personal website fields often have stupid commercial sites in them.  Kids find scripts that insert characteristic member names with machine-gun speed, and you see this, blindly copied and run, all the time.  Discussion boards have been under siege for years.  I swear, if some group wrote a worm program that would take over the script kiddies' computers, and posted it as a new exploit, they could get a big botnet going in a matter of hours, before anybody knew what was happening.

The board writers are probably in on it with the spammers, because some of the stupidest things are written into the board releases.  Board managers need to modify the board code to prevent that stuff, and it's really not very hard to keep that stuff out.  That's why I consider the gaping security holes in free boards to be deliberate.

Board management can block that stuff fairly easily.  The really bad stuff is the trick calls and malformed packet games that more sophisticated hackers play.  They get in by sending a sequence of obscure commands that everybody forgot, or by tricking input parsing code into crashing, in a way that gives them control.  They are really on the edge of their seats looking for the latest new exploit, and then jumping on boards that they have checked out and listed ahead of time.

<edit> fixed spelling "eseasily"

[Steve - WB3HUZ]

CMM a and formal verification. Lots less bugs, way better code.

[John Holotko]

Most free bbs'es are examples of poor coding and are hack jobs. They are hobby programs.  They lack good design. All to often hack style developers slam dunk a project into their favorite langauge ignoring good design.  Then they document and support their project in "hack speak".  That totally pisses me off.

This is a major problem in ( but not limited to) the open source arena. And believe me, I do  like and use a lot of open source. But a lot of it and the attitudes of a lot of developers give me chills.  Like when I read in the Linux Journal that a hack style  programmer is to be praised and classified as a good programmer gives me flu like symptoms. I am not sdaying I dislike open souce, I use it extensively myself. But whatmakes programmers think that they are somehow above good design.

As Steve pointed out CMM.  Don't code till you embellish quality design. It'swhat separates real software engineers from hack (hobby) programmers..

[WA1GFZ]

real CMM sends the hackers packing but sometimes they move into CMM because they can't code.

[Todd, KA1KAQ]

Hmm.....I thought the title of 'computer programmer' went out a decade ago or more? We've always been called 'Systems Programmers' or sysproggies, until a few years back when the warm-fuzzies decided it should be changed to 'Systems Developers'. We don't actually develop anything, we program it to work in our shop using our parameters. IBM develops their software (like zOS), then issues a new release. But what do I know? 

The hackers (aren't crackers really just a sub-species of hackers?) apparently have a running competition as to who can deface or corrupt the most sites. I don't think it was a particular attack against amfone (or they would've left a message like "SSB RoOLz"), more likely an opportunity to exploit known holes in the software and gain more bragging rights. Turks, Iranians, whatever. A few years ago it was the Chinese and Koreans along with some former Eastern Bloc countries. They're probably still at it too. 

Best thing to do is avoid software they target. Easier said than done, for the average user.